Date: Wed, 5 Jun 2002 19:59:53 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: freebsd-security@FreeBSD.ORG Subject: Re: samba and ipfw Message-ID: <20020605195953.V1494@shell.gsinet.sittig.org> In-Reply-To: <Pine.GSO.4.32.0206051243390.25024-100000@nippur.irb.hr>; from mario.pranjic@irb.hr on Wed, Jun 05, 2002 at 12:50:52PM %2B0200 References: <Pine.GSO.4.32.0206051243390.25024-100000@nippur.irb.hr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 05, 2002 at 12:50 +0200, Mario Pranjic wrote:
>
> I have rules for smb like this:
> # samba
> add 660 allow tcp from any to me 138,139,445 setup keep-state
> add 661 pass udp from any 139 to me 139 keep-state
^^^ ^^^
This is a typo, isn't it? netbios-ns uses 137/udp. And it
mostly is run in broadcast mode, so I don't know how the "me"
keywords disturbes (is too strict).
As usual: When you have problems with your filter rules add a
default rule logging packets before denying them or use your
favourite sniffer tool (like tcpdump(8) which comes with the
base system) to see what's spoken. Isn't this a FAQ?
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020605195953.V1494>